Ubuntu Security Notice USN-2861-1

Ubuntu Security Notice 2861-1 - It was discovered that libpng incorrectly handled certain small bit-depth values. If a user or automated system using libpng were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or execute code with the privileges of the user invoking the program. Qixue Xiao and Chen Yu discovered that libpng incorrectly handled certain malformed images. If a user or automated system using libpng were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service. Various other issues were also addressed.

It was discovered that libpng incorrectly handled certain small bit-depthvalues. If a user or automated system using libpng were tricked intoopening a specially crafted image, an attacker could exploit this to causea denial of service or execute code with the privileges of the userinvoking the program. (CVE-2015-8472)

Qixue Xiao and Chen Yu discovered that libpng incorrectly handled certainmalformed images. If a user or automated system using libpng were trickedinto opening a specially crafted image, an attacker could exploit this tocause a denial of service. (CVE-2015-8540)

Update instructions:

The problem can be corrected by updating your system to the followingpackage versions:

Ubuntu 15.10: libpng12-0 1.2.51-0ubuntu3.15.10.2

Ubuntu 15.04: libpng12-0 1.2.51-0ubuntu3.15.04.2

Ubuntu 14.04 LTS: libpng12-0 1.2.50-1ubuntu2.14.04.2

Ubuntu 12.04 LTS: libpng12-0 1.2.46-3ubuntu4.2

After a standard system update you need to restart your session to makeall the necessary changes.